directory with apache authentication but one file that open to everyone - apache

I would like to have directory protected with apache authentication but one file so I did:
<Directory /path/to/dir>
AuthType Basic
AuthName "Private Pages"
AuthBasicProvider file
AuthUserFile /path/to/.htpasswd
require user userid
<FilesMatch "^exception.html$">
Order Allow,Deny
allow from All
</FilesMatch>
</Directory>
But it not work all the files ask for password.
I tried also with \ before the dot in the file name and with :
<File exception.html>
Nothing help it ask for a password for all the files including exception.html
What I'm doing wrong?
Thanks

You should check out this similar question on serverfault:
How to use basic auth for single file in otherwise forbidden Apache directory?

Related

Protect only a directory with htpasswd

I would like to protect the protect-me-dir directory with http password. I tried this code:
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/iterator/public_html/protect-me-dir/.htpasswd
require valid-user
It works, but unfortunately it asks for the password everywhere, not just in protect-me-dir. How is it possible to protect only that directory?
If I put this code inside <Directory "/home/iterator/public_html/protect-me-dir">...</Directory>, I get Internal Server Error
Just put the .htaccess file in the directory you want to password-protect. It is a per-directory config file.

.htaccess doesn't ask me for password

I'm trying to protect a directory adding a .htaccess and a .htpasswd but instead asking me for password, it goes to the home page of my site directly.
My .htaccess is being read (put some garbage in it and I got 500 error).
Here's my .htaccess :
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/Applications/MAMP/htdocs/backoffice_mollanger/app/.htpasswd"
Require valid-user
And my .htpasswd
Admin:gl0IiOirI2n6M
First of all, remove the speech marks you have around the .htpasswd location, they should not be there. If that does not help then try using this, you can specify the directory you want to protect by stating the file name in replace of example:
<Files /example>
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile /Applications/MAMP/htdocs/backoffice_mollanger/app/.htpasswd
Require valid-user
</Files>

Apache - Displaying files but password protecting them

I have a folder on my apache virtualhost called 'ProtectedFiles'
I want indexing available for this section, so all the files in this folder can be shown, but I want one of the files themselves to be password protected.
Folder structure:
site
site/ProtectedFiles
site/ProtectedFiles/Dummy1, Dummy2, Dummy3, .htaccess
In my .htaccess I have the following.
AuthUserFile /etc/httpd/conf/.htpasswd
AuthName "Protected files"
AuthType Basic
<Files "Dummy1">
require valid-user
</Files>
So I am password protecting the file 'Dummy1' and it works, when I go to site/ProtectedFiles/Dummy1 it asks for a password, but the file doesn't show in the directory / index.
Basically, asking how do you password protect AND show the file in the directory.
You can use IndexOptions +ShowForbidden directive to display files that require a password, and the FilesMatch directive to indicate which files you want to protect.
IndexOptions +ShowForbidden
<FilesMatch "Dummy[0-9]+">
AuthName "Username and password required"
AuthUserFile .htpasswd
Require valid-user
AuthType Basic
</FilesMatch>
Don't leave the .htpasswd file in the same directory - this is just an example.

apache .htaccess show directory index only to authenticated user

i have this directory structure on my web server:
web
privatedir1
privatedir2
publicdir
file1
file2
file3
i want to set the following functionality using .htaccess files:
user 'admin' (authenticated) has unlimited access to all dirs (incl. dir indexes)
anyone else can download file1, file2, file3 but can not see listing (index) of publicdir
can you please describe how to achieve this with .htaccess files?
i know how to allow/disallow directory indexes but i can't figure out how to do it conditionaly (depending on whether the user is authenticated or not)
thank you very much.
Here is a very basic example, but that's how you can do it.
<Directory /srv/dev/>
AllowOverride All
Options +Indexes
AuthType Basic
AuthUserFile /srv/.htpasswd
Require valid-user
</Directory>
<Directory /srv/dev/apps/>
<If "%{REQUEST_URI} != '/'">
Require all granted
</If>
</Directory>
I think your answer might lie at this URL
htaccess allow access to specific user
"You'll need to create a user database/specific user you want to allow with the htpasswd utility. From there, in your htaccess file in the directory you want to limit, use:"
AuthUserFile /path/to/.htpasswd
AuthName "Authorization Form Title"
AuthType Basic
#Allow any valid user
require valid-user
#Allow only one user with specified username
require user username
"More information can be found at plenty of online references, this is one of the first that came up: http://www.apacheweek.com/features/userauth"

Exclude folder from htpasswd

I need to password protect a website with a username/password but need to keep the "/assets" folder accessible as files like images/css are being embedded on other sites.
I have this for the protection:
Order Allow,Deny
AuthType Basic
AuthName "Password"
AuthUserFile /var/www/.htpasswd
Require valid-user
Satisfy Any
How can I specify to protect everything bar the /assets folder?
You'd use, in a .htaccess file in the assets/ directory:
Satisfy Any
Order Allow,Deny
Allow from all
See the examples here: http://httpd.apache.org/docs/2.2/mod/core.html#require